Vista, Hackers, Red Flags and Bulls

Microsoft (Nasdaq: MSFT) last week unleashed its six versions of its new operating system, Vista. The software maker's promises of a more robust kernel and built-in security enhancements have created the impression among consumers that third-party security solutions for antivirus, spyware and adware will become a thing of the past.

Meanwhile, computer security firms have been putting the finishing touches on their own updated products to resolve the vulnerabilities they say will inevitably be discovered in Vista.

Microsoft's foray into the malware protection market could be an attempt to muscle third-party vendors out the Vista security business. However, the company is far from becoming the last word on securing its newest OS family member.

Computer security issues will not be curtailed just because Microsoft says its new operating system will be tougher to crack than previous versions. Millions of unprotected or poorly protected computers will remain in use for years to come.

Even though Vista may have better defenses in its redesigned kernel, it will not become a dominant OS overnight, computer experts said.

Haphazard Migration

With Microsoft positioning itself as the primary security developer for its own operating system, nobody is sure yet what role third-party security software developers will play with Vista.

Microsoft welcomes continued product opportunities from third-party security vendors and wants its Vista users to have choices, the company told TechNewsWorld. Many of those vendors say Microsoft is treating them like an errant stepchild, withholding access to the kernel in Vista's crown jewel -- the 32-bit version of the new OS.

"Its too early to tell the impact of Microsoft's Vista on desktop and server products such as those from Symantec (Nasdaq: SYMC) and McAfee," Brian Laing, CSO of security software company RedSeal Systems, told TechNewsWorld. "Right now, some companies are just starting to move to Windows XP, let alone moving to Vista, an OS that has been out for such a short period of time."

As Vista rolls out the new security features, Laing predicted that two main things will happen.

First, consumers at home will adopt Vista's new security features out of convenience. Since they are a part of the operating system, it will be one less thing they need to buy.

Second, enterprise users will be unlikely to leave the security solutions for which they already have subscriptions from third-party vendors such as Symantec and McAfee any time soon. Before experienced users are willing to adopt Vista's own brand of security, Laing noted, Microsoft will have to prove that its new solutions work, that they do not have their own issues and that they can be managed in an enterprise.

This time delay and the large amount of resources available already to third-party security vendors should combine to give the security industry ample time to respond to Vista's new security features, according to Laing.

"You are already seeing companies start to look at more far-reaching solutions such as adopting security risk management software as the next big direction for them," Laing said.

Kernel Warfare

Larry Biddell, vice president of Global Securities Strategies at Grisoft, expects a repeat of trends he observed in earlier Microsoft roll-outs. These past trends show that Vista's security enhancements will not be long-lived.

Vista and the tightening of the kernel will not adversely affect the antivirus industry, Biddell told TechNewsWorld. When Microsoft shipped its Windows upgrade on 3.5-inch floppies instead of 5.25-inch floppy, other software vendors shifted to the new format. When Microsoft upgraded to Windows 95 and later to Windows Millennium and distributed the programs on CDs instead of floppies, many viruses indigenous to earlier delivery methods stopped working.

"Each time the file format changed, the virus landscape changed. Now some viruses and vulnerabilities won't work on Vista," Biddell explained.

That will only be temporary. Biddell likened the more secure Vista kernel as a challenge to virus writers. They will react to Vista as a bull does to a red flag.

Hackers will find new vulnerabilities in Vista, Biddell said. He sees the odds in the hackers' favor. Microsoft has added three new products in a very short time period -- Internet Explorer 7.0, Vista and Office Suite. As a result, he expects malware writers to find new vulnerabilities over the next few months.

The risk of new attack methods is too severe for computer users to fully trust Vista to protect itself from infections, Biddell added. He predicted that quite a few new malware and exploits will be written as proof of concepts.

"These will uncover issues. That's why consumers will still need other antivirus solutions. Vista is not going to be a magic bullet [that obliterates attacks]. Hackers will stil1 look to make money. Early adopters of these new programs will need to make sure they are protected," said Biddell.

The Greed Factor

John Safa, security expert and the chief architect at DriveSentry, fully agrees with the notion that malware groups will quickly topple Vista. He, too, fully expects hackers will respond to Microsoft's challenge.

"By claiming it has locked down Vista, Microsoft has effectively issued an open invitation to the hacking community to prove it wrong," Safa told TechNewsWorld.

It is a money issue, as well. Malware authors have realized they can easily turn a profit by posting malicious programs under the guise of cracks for high-profile software like the upcoming Windows Vista, Safa explained. Consumers will be bombarded with enticing solutions to bypass legitimate validation procedures, he noted.

When unsuspecting consumers download what they believe to be a legitimate crack, their personal data will either be destroyed or encrypted, often with a ransom note attached.

Perception Plus

Vista is a secure platform, preaches Ed Moyle, a manager with CTG's Information Security Services. Part of that security is the inclusion of additional features within the platform such as patchguard, unified access control and development methodologies such as the SDL to help reduce vulnerabilities. Microsoft is interested in changing the perception that its platforms are insecure by developing its own security features and adding them to Vista.

Microsoft does not want to take over system security, Moyle told TechNewsWorld. Instead, he said, Microsoft has gone after threats that are of direct concern to the majority of computer users.

"For example, Microsoft has targeted malware (spyware, viruses, rootkits) both through patchguard and also through antimalware product development. I believe it has done this because malware is a very public area of concern. By targeting this area, Microsoft gets quite a bit of visibility," Moyle said.

In the process of shoring up its image on security, Microsoft's antispyware product is likely to displace niche antispyware software in quite a few cases, he added. Thus, it is likely that there will be an impact to the sales of niche security products.